f56d3c2fca6890f0db4ab6e845dbc934_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f56d3c2fca6890f0db4ab6e845dbc934_JaffaCakes118
Size

169KB
MD5

f56d3c2fca6890f0db4ab6e845dbc934
SHA1

e9e2bc57ce7df4133a6c2e0256f5466dabfc4570
SHA256

485abd0e9fd62bcd92ba3287c9aba83c60e32c36be39a3146c010388e67321d2
SHA512

2fb449283a9afe61f001d829af4661e8677f93b7587f663a4c38402323c78f41dce2197527825ee892217b8ee2b9d5bc9f1151a9323c23052b65b8583dd87ff1
SSDEEP

3072:oGOV4lWLou8uG7CKVW4grs/j3BtOjNX5T3w9ZLzv:jlpDjWlEj3/4T3c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f56d3c2fca6890f0db4ab6e845dbc934_JaffaCakes118

Files

f56d3c2fca6890f0db4ab6e845dbc934_JaffaCakes118
.exe windows:5 windows x86 arch:x86

291969fe740254ed648e299cfcbea346

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

RestoreDC
SetMapMode
GetPixel
SetTextAlign
SetStretchBltMode
SetTextColor
DeleteDC
SelectPalette
GetClipBox
PatBlt
GetStockObject
CreateFontIndirectA
GetObjectA
SaveDC
LineTo
GetTextMetricsA
SelectObject
CreatePalette
RectVisible
CreateSolidBrush
CreateCompatibleDC
GetDeviceCaps
DeleteObject
CreatePen

kernel32

GetOEMCP
GlobalFindAtomW
RemoveDirectoryA
SetCurrentDirectoryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcess
DeleteFileW
lstrcmpA
GetConsoleOutputCP
GetProcessHeap
DeleteFileA
GetACP
lstrcmpiW
GetCommandLineW
GetCurrentProcessId
lstrlenW
GetWindowsDirectoryA
GlobalFindAtomA
GetCurrentThread
lstrcmpiA
IsDebuggerPresent
GetStartupInfoA
GetTickCount
GetModuleHandleW
CopyFileA
GetDriveTypeA
VirtualAlloc
lstrlenA
VirtualFree
GetUserDefaultLangID
GetVersion
GetModuleHandleA
MulDiv
GetCommandLineA
GetThreadLocale

user32

GetSystemMetrics
GetDC
GetDesktopWindow
GetParent
CharNextA
TranslateMessage

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Xqvhih Q
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Wpkdfswp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

291969fe740254ed648e299cfcbea346

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Xqvhih Q Size: 512B - Virtual size: 4KB

.rdata Size: 26KB - Virtual size: 25KB

Wpkdfswp Size: 512B - Virtual size: 4KB

.data Size: 99KB - Virtual size: 99KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 10KB - Virtual size: 10KB

Xqvhih Q
Size: 512B - Virtual size: 4KB

.rdata
Size: 26KB - Virtual size: 25KB

Wpkdfswp
Size: 512B - Virtual size: 4KB

.data
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 31KB - Virtual size: 30KB